News That Makes Gmail 'Two-Step' Easier to Use

By James Fallows

I really wasn't going to say anything more about this topic, really, but reader A.O. just pointed out a new (to me) wrinkle in Google's "two-step verification" system that seems too significant not to pass on.

BEFORE: When you logged into Gmail from one of your "normal" computers -- laptops, desktop -- you could click a box saying "don't ask me for my authorization code from this computer for the next 30 days."

AFTER: It now appears that Gmail lets you designate certain computers as "trusted," on a permanent basis. Once you do so, it won't ask you for confirmation codes on that computer ever again, until something changes.

This is consistent with some other security systems. For instance, Vanguard lets me log into my account with a simple username/password combo -- unless it detects that I'm using an unfamiliar computer, or from an unrecognized ISP, in which case it asks for other confirmations. It is also consistent with Gmail's current handling of the dreaded "application specific passwords" -- the codes that allow you to authorize your iPad or smartphone indefinitely, with no 30-day limit. I've sent a query to Google asking for more info about the change and will report back. At face value, it makes the two-step system easier to use. And as A.O. says:

The every 30 days requirement was kind of silly, anyway, since if my computer was stolen one of the first things I'd do would be to log in to Google and shut down access to Gmail, but as long as I have my computer it's unlikely to be physically used in an attack.

Just in case you missed it, this is the news: On your normal computers, using two-step now means that you have to enter the smartphone code ONE TIME ONLY -- but from that point on you will also be protected against remote hacking attacks.

In the "fair and balanced" spirit, here is a dissenting message I just received:

Just a quick note to let you know that after a few hours of my personal efforts and two trips to the Apple Genius Bar, the two-step verification attempt has rendered my Apple Mail program on my laptop completely inoperable, though it worked well for the iPhone and iPad.

I think this explains why so few people adopt optional security measures - they quite rightly know that it will definitely turn into a many hour disaster, as opposed to the abstract possibility of being a hacking victim....

I don't even know what to do now. Just an unbelievable mess. Seriously, learning how to dance would be easier.

I don't know what the problem is; obviously I'm sorry for it, and I do know that I have done two-step installations in exactly these circumstances (hardware and software) many times with no problems whatsoever. But for the record, that's another view.